Privacy Policy

1. Who We Are

RealmsGate is operated by OLJ Media Pte. Ltd., incorporated in Singapore. "We," "us," and "our" refer to OLJ Media Pte. Ltd. as data controller. Platform: realmsgate.ai  ·  App: app.realmsgate.ai

2. Data We Collect

Account & Identity

• Full name, email, phone number
• NRIC or FIN — used as primary learner identifier
• Date of birth, academic level, nationality

Learning & Academic

• Enrollment records, attendance history
• Assessment submissions, grades, progress data
• Make-up class requests and scheduling records

Payment & Financial

• Invoice history and payment records
• Payment methods processed by HitPay and Stripe — we do not store card numbers

Technical & Usage

• IP address, browser type, device identifiers, pages visited

Parent / Guardian

• Parent name, email, phone, relationship to learner

3. How We Use Your Data

• Platform operation: Account management, enrollment, course delivery, attendance, assessments
• Billing: Invoice generation, payment processing, payment history
• Communications: Service notifications, invoice reminders, support responses
• AI features: Task recommendations and automated data processing for platform workflows
• Security & compliance: Fraud prevention, legal obligations under Singapore law

We do not use your data for advertising or sell it to third parties.

4. Legal Basis

• Contractual necessity: Data required to deliver subscribed services
• Consent: Where explicitly provided
• Legal obligation: Required by Singapore law
• Legitimate interests: Security and fraud prevention

For learners under 18, we rely on consent provided by a parent or guardian at enrollment.

5. Data Sharing & Third Parties

Payment Processors

• HitPay — Singapore payment gateway
• Stripe, Inc. — card processing

Analytics & Infrastructure

• Google LLC — Google Tag Manager and Analytics
• Cloudflare, Inc. — web performance and security

Your Education Organization

• Administrators of your enrolled organization can access your learner data through the platform

We do not sell or rent personal data for marketing purposes.

6. Data Retention

• Active accounts: Duration of subscription
• Closed accounts: Minimum 3 years post-closure
• Payment records: 7 years (Singapore accounting requirements)
• NRIC data: Retained only as long as required for identification

7. Your Rights Under PDPA

• Right of access: Request a copy of your personal data
• Right of correction: Request correction of inaccurate data
• Right of withdrawal: Withdraw consent where applicable
• Right to portability: Request data in machine-readable format where feasible

Contact our DPO (Section 13). We respond within 30 days.

8. Cookies & Tracking

• Essential cookies: Session management and authentication
• Analytics: Google Analytics and Cloudflare Analytics
• Tag management: Google Tag Manager

9. Data Security

• TLS/HTTPS encryption on all endpoints
• Role-based access control
• Cloudflare security layer
• PCI-DSS compliant payment processing via HitPay and Stripe

Data breaches posing significant harm will be reported to the PDPC within 3 calendar days.

10. Children's Privacy

• Minor accounts are created by their education organization
• Parent or guardian consent is obtained at enrollment
• Learner data is never used for marketing

11. Cross-Border Transfers

Some service providers operate outside Singapore (Google, Cloudflare, Stripe — US-based). Appropriate contractual protections are in place as required under PDPA.

12. Policy Changes

Material changes will be notified via email or in-platform notification. Continued use after the effective date constitutes acceptance.

13. Contact Our DPO